make AdminIdentity configureable per user See merge request !1tags/v0.45.0
- ALL=(otheruser) /usr/bin/script.sh | - ALL=(otheruser) /usr/bin/script.sh | ||||
sudo_defaults: | sudo_defaults: | ||||
- '!requiretty' | - '!requiretty' | ||||
# enable polkitadmin to make user an AdminIdentity for polkit | |||||
polkitadmin: True | |||||
shell: /bin/bash | shell: /bin/bash | ||||
remove_groups: False | remove_groups: False | ||||
prime_group: | prime_group: |
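Review bot: The comment above `polkitadmin: True` does not say that this is a privilege grant: a user listed in polkit's AdminIdentities can approve actions that require administrator authentication with their own password, independent of sudo group membership. Because the example sets it to `True`, a copied pillar would hand this out without anyone deciding to. I would show `polkitadmin: False` in the example and reword the comment to `# polkitadmin: True adds this user to polkit's AdminIdentities (admin authentication with the user's own password); off unless set`. The user entry this key belongs to starts and ends outside this section.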
- users.user_files | - users.user_files | ||||
{%- endif %} | {%- endif %} | ||||
{%- endif %} | {%- endif %} | ||||
- users.polkit | |||||
{% for name, user in pillar.get('users', {}).items() | {% for name, user in pillar.get('users', {}).items() | ||||
if user.absent is not defined or not user.absent %} | if user.absent is not defined or not user.absent %} |
'bash_package': 'bash', | 'bash_package': 'bash', | ||||
'sudo_package': 'sudo', | 'sudo_package': 'sudo', | ||||
'googleauth_package': 'libpam-google-authenticator', | 'googleauth_package': 'libpam-google-authenticator', | ||||
'polkit_dir': '/etc/polkit-1/localauthority.conf.d', | |||||
'polkit_defaults': 'unix-group:sudo;' | |||||
}, | }, | ||||
'Gentoo': { | 'Gentoo': { | ||||
'sudoers_dir': '/etc/sudoers.d', | 'sudoers_dir': '/etc/sudoers.d', | ||||
'bash_package': 'bash', | 'bash_package': 'bash', | ||||
'sudo_package': 'sudo', | 'sudo_package': 'sudo', | ||||
'googleauth_package': 'libpam-google-authenticator', | 'googleauth_package': 'libpam-google-authenticator', | ||||
'polkit_dir': '/etc/polkit-1/localauthority.conf.d', | |||||
'polkit_defaults': 'unix-group:sudo;' | |||||
}, | }, | ||||
}, merge=salt['pillar.get']('users:lookup')) %} | }, merge=salt['pillar.get']('users:lookup')) %} |
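Review bot: `'polkit_defaults': 'unix-group:sudo;'` is reused for the Gentoo entry, but the generated 99salt-users-formula.conf writes a complete `AdminIdentities=` line, and as far as I know later files in localauthority.conf.d override earlier ones. The platform's own admin group would then stop being an admin identity as soon as one user has `polkitadmin` set. Gentoo conventionally uses `wheel`, so `'polkit_defaults': 'unix-group:wheel;'` is probably what is wanted there; confirm on a Gentoo minion. Only two os_family entries are visible here, and if the map has others without `polkit_dir`, the new `users.polkit` state (now included unconditionally) would presumably render its paths as `/99salt-users-formula.conf`. The map dictionary begins and ends outside this section.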
{% from "users/map.jinja" import users with context %} | |||||
{% set polkitusers = {} %} | |||||
{% set polkitusers = {'value': ''} %} | |||||
{% for name, user in pillar.get('users', {}).items() %} | |||||
{% if user.absent is not defined or not user.absent %} | |||||
{% if 'polkitadmin' in user and user['polkitadmin'] %} | |||||
{% if polkitusers.update({'value': polkitusers.value + 'unix-user:' + name + ';'}) %} | |||||
{% endif %} | |||||
{% endif %} | |||||
{% endif %} | |||||
{% endfor %} | |||||
{% if polkitusers.value != '' %} | |||||
users_{{ users.polkit_dir }}/99salt-users-formula.conf: | |||||
file.managed: | |||||
- replace: True | |||||
- onlyif: 'test -d {{ users.polkit_dir }}' | |||||
- name: {{ users.polkit_dir }}/99salt-users-formula.conf | |||||
- contents: | | |||||
######################################################################## | |||||
# File managed by Salt (users-formula). | |||||
# Your changes will be overwritten. | |||||
######################################################################## | |||||
# | |||||
[Configuration] | |||||
AdminIdentities={{ users.polkit_defaults }}{{ polkitusers.value }} | |||||
{% else %} | |||||
users_{{ users.polkit_dir }}/99salt-users-formula.conf_delete: | |||||
file.absent: | |||||
- name: {{ users.polkit_dir }}/99salt-users-formula.conf | |||||
{% endif %} |
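Review bot: The `file.managed` state for 99salt-users-formula.conf sets no `user`, `group` or `mode`, so ownership and permissions of a file that decides who counts as a polkit administrator are left to minion defaults; pin them with `- user: root`, `- group: root`, `- mode: '0644'`. The `onlyif: 'test -d {{ users.polkit_dir }}'` guard also means that on a host without that directory (for example a polkit that reads rules.d instead) `polkitadmin: True` is skipped without any error, which deserves at least a comment and arguably a failing state. `{% set polkitusers = {} %}` is overwritten by the very next line and can be dropped. `name` is concatenated into the value unchecked, so a pillar key containing `;` would add an identity nobody reviewed.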